Traditional phishing affects individuals: victims who have disclosed their financial credentials. Our research into phishing kits reveals that many phishermen are changing tactics. And their new targets should be of concern to CISOs everywhere, because most organizations have large amounts of ‘shadow data’ out in the cloud—and the phishermen want to access those accounts.